Introduce configuration options to build an "hardened" OpenWRT.
Options to enable Stack-Smashing Protection, FORTIFY_SOURCE and RELRO
have been introduced.
uClibc makefile now automatically detects if SSP support is necessary.
hostapd makefile has been fixed to use "^" as sed separator since
using a comma was problematic when using "-Wl,-z,now" and the like in
TARGET_CFLAGS.
Currently enabling SSP on user space depends on enabling SSP kernel
side, this is due to the fact that TARGET_CFLAGS are used to build
kernel modules (at least). Suggestions on how to avoid this are welcome.
Using "select" instead of "depends on" doesn't seem to work with choice
entries.
Tested with a lantiq (WBMR) router, GCC 4.8, uClibc and a subset of
the available packages.
Needs to be tested with GCC 4.9 and the remaining packages.
PIE not currently included.
Signed-off-by: Alessandro Di Federico <ale+owrt@clearmind.me>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44005 3c298f89-4303-0410-b956-a3cf2f4a3e73
fixes compiler error after a binutils rebuild/reinstall without
rebuilding the rest of the toolchain
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43785 3c298f89-4303-0410-b956-a3cf2f4a3e73
--enable-plugin is necessary for gcc-ar, gcc-nm and gcc-ranlib to work, which
must be used with GCC 4.9 for LTO to work.
Without this option, gcc-ar etc. will just fail with
sorry - this program has been built without plugin support
Using the normal ar from binutils with GCC 4.9 and -flto will cause linking
with static "convenience" libraries to fail.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43783 3c298f89-4303-0410-b956-a3cf2f4a3e73
Several versions of gcc have an issue in libstdc++v3 where the build may
clobber stamp-bits with a link to itself. This doesn't manifest itself
on all systems. On several Ubuntu systems, this doesn't appear to be a
problem, but it is an issue on Fedora 16 systems.
To fix the issue, we'll simply filter out stamp-bits from the symlinks
to be generated.
Note: gcc 4.4.7 is unaffected by this issue, so no fix is necessary
there.
Signed-off-by: John Szakmeister <john@szakmeister.net>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43669 3c298f89-4303-0410-b956-a3cf2f4a3e73
Kernel 3.15's asm.h includes eva-asm.h, so copy it also, else lzma-loader
won't compile due to a missing include.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43460 3c298f89-4303-0410-b956-a3cf2f4a3e73
When building with CONFIG_BUILD_NLS=y, uClibc fails to compile with following
message (or similar, according to https://dev.openwrt.org/ticket/13095):
-snip-
...
Warning: adding UNDEFINED entry for ar_AE
Warning: adding UNDEFINED entry for am_ET
Warning: adding UNDEFINED entry for af_ZA
grep "^#define" extra/locale/locale_tables.h > extra/locale/lt_defines.h
grep "^#define __lc" extra/locale/locale_collate.h >> extra/locale/lt_defines.h
gcc extra/locale/gen_wctype.c -o extra/locale/gen_wctype -Os -Wall -D__UCLIBC_GEN_LOCALE -I./
extra/locale/gen_wctype.c: In function 'main':
extra/locale/gen_wctype.c:684:2: warning: #warning fix the upper bound on the upper/lower tables... save 200 bytes or so [-Wcpp]
for locale in en_US en_GB; do \
extra/locale/gen_wctype $locale > extra/locale/wctables.h || \
extra/locale/gen_wctype $locale.UTF-8 > extra/locale/wctables.h || \
extra/locale/gen_wctype $locale.iso8859-1 > extra/locale/wctables.h && break; \
done
make[4]: *** [extra/locale/wctables.h] Error 1
-snap-
This seems to also depend on the host system used, e.g. running a fresh
checkout on a Debian 7.6 system triggered this error, while running the
very same stuff on an Ubuntu 12.10 Quantal Quetzal does not trigger it.
This is the configuration I used:
-snip-
buildbot@buildbot:~/openwrt-nls.git$ scripts/diffconfig.sh
CONFIG_TARGET_ar71xx=y
CONFIG_TARGET_ar71xx_generic=y
CONFIG_TARGET_ar71xx_generic_Default=y
CONFIG_DEVEL=y
CONFIG_BUILD_NLS=y
CONFIG_DOWNLOAD_FOLDER="/srv/downloads/downloads"
-snap-
In the ticket mentioned above, a patch is referenced which solves this issue.
Note, that this issue is also present on 14.07.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43446 3c298f89-4303-0410-b956-a3cf2f4a3e73
Without this patch, selecting "Compile with full language support"
results in the following question during build:
...
Locale Support (UCLIBC_HAS_LOCALE) [Y/n/?] y
Locale data
> 1. All locales (UCLIBC_BUILD_ALL_LOCALE) (NEW)
2. Only selected locales (UCLIBC_BUILD_MINIMAL_LOCALE) (NEW)
3. Use Pre-generated Locale Data (UCLIBC_PREGENERATED_LOCALE_DATA) (NEW)
choice[1-3]:
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43445 3c298f89-4303-0410-b956-a3cf2f4a3e73
Add initial support for the AArch64 architecture
Signed-off-by: Florian Fainelli <florian@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43353 3c298f89-4303-0410-b956-a3cf2f4a3e73
Since we updated autoconf in r42855 we also need to enforce its use
while building eglibc to allow it to build successfully.
Signed-off-by: Florian Fainelli <florian@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43352 3c298f89-4303-0410-b956-a3cf2f4a3e73
musl libc doesn't support the GNU getopt extension to parse non-option
arguments when the optstring starts with '-'.
This extension is used by some utilities, notably iptables, that
currently return with errors even with perfectly valid invocations.
The patch adds the code needed by getopt.c and getopt_long.c to
implement that extension.
Signed-off-by: Gianluca Anzolin <gianluca@sottospazio.it>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43309 3c298f89-4303-0410-b956-a3cf2f4a3e73
The Makefile for binutils creates a broken symlink to "binutils-linaro" in
"trunk/build_dir/toolchain-<target>_gcc-4.9-linaro_uClibc-0.9.33.2".
Modify the Makefile to point the symlink to the correct directory.
Signed-off-by: Nathan Hintz <nlhintz@hotmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42954 3c298f89-4303-0410-b956-a3cf2f4a3e73
This patch adds missing architecture-specific headers for use with
eventfd(2). Fixes#16679.
Signed-off-by: Luis Dallos <ld@nkvd.ignorelist.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42916 3c298f89-4303-0410-b956-a3cf2f4a3e73
This patch ensures that libgcc_s.so properly honours the NOEXECSTACK flag
for MIPS builds, when gcc-linaro-4.8 or 4.9 is the chosen C compiler.
Signed-off-by: Andrew McDonnell <bugs@andrewmcdonnell.net>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42769 3c298f89-4303-0410-b956-a3cf2f4a3e73
Non-functional edits to toolchain/Config.in:
* fix spelling mistake ("us" -> "is")
* Overly long help lines shortened to avoid line wrap
* Standardize help info to use tab(s), then two spaces
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42518 3c298f89-4303-0410-b956-a3cf2f4a3e73
This fixes eglibc build failure. More information about the bug can be found on
the link below.
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61796
Signed-off-by: Luka Perkov <luka@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@41657 3c298f89-4303-0410-b956-a3cf2f4a3e73